We detect you are using an unsupported browser. For the best experience, please visit the site using Chrome, Firefox, Safari, or Edge. X
Maximize Your Experience: Reap the Personalized Advantages by Completing Your Profile to Its Fullest! Update Here
Stay in the loop with the latest from Microchip! Update your profile while you are at it. Update Here
Complete your profile to access more resources.Update Here!

Protecting the Storage Platform through Measurement and Attestation │Part 2: Threat Modeling for the New Age of Protection

Attacks targeting your systems are disturbingly widespread – here's what you need to know. 

Part 2: Threat Modeling for the New Age of Protection

Part 1 of this series examined how security challenges have changed with the globalization of the supply chain. The Part 2 installment goes beyond the supply chain to examine other elements of the overall threat model, shown below.  


A category of threat comes from individuals who have access to an abundance of information, methods, and resources on the internet. Resources include downloaded development environments, online for sale probes/analyzers, schematics and other tools. Bad actors in non-conventional environments with very low budgets can easily assemble everything needed to compromise a device either in production or on the way to production environments.  

 

Nation states may also target a corporate workforce. Employees may be unduly influenced to insert damaging lines of code through monetary, subversive, or unintentional means. Trust models are increasingly challenging as the workforce is distributed worldwide.  In other cases, nations sponsor academia and industry to develop vulnerability methods which become published works. Generally the work is intended to harden the industry or establish new methods to develop products.  Often times the published work provide methodologies for exploitation.

 

From a sophistication standpoint, it can be also be assumed actors have access to production lines or own production environments. Components are brought in, sent through the production process, and returned to original packaging. The end resulting consumable, appears identical to the OEM produced end product - right down to being sealed with the OEM box tape. Detection remains obscured until something goes wrong with the product or there is evidence of a breach. 

 

The proposed manufacturing line is not factious, as evidence exists that compromised systems have reached customers. In 2015 by example, several drive manufacturers contained drive firmware which had been compromised. A bad actor analyzed the firmware layout and determined how to flash the firmware with malicious code. Unused flash space was exploited on the device itself as part of the attack. The malware was nearly impossible to purge as every time the device would boot, the malicious code would run, intercept the data meant for storage, and acknowledge successful flashing the new firmware. 

 

Source: How the NSA's Firmware Hacking Works and Why It's So Unsettling

 

There are many examples of this type of attack but the important point is it’s a sophisticated attack and disturbingly widespread across a range of hard drives from different manufacturers.   

 

In Part 3 of our series we will look at how product manufacturers can close this major vulnerability gap through the use of Secure Trusted Firmware. 

 

Part 1: Understanding the Changes in the Security Landscape

Part 3: Understanding How Secure Trusted Firmware Translates into Solution Requirements and Product Guarantees

Part 4

Part 5: Additional Measures for Protecting the Storage Platform

 

For more information visit Microchip Technology



Jeff Plank, Jan 7, 2020
Tags/Keywords: Security
Page link copied to clipboard